Reviewed help text, fix typos, go {fmt,vet,lint}.

pull/6/head
Paulo Pires 2016-09-19 16:11:05 +01:00 committed by Ilya Dmitrichenko
parent a42ad6a913
commit 26aa32d32b
No known key found for this signature in database
GPG Key ID: E7889175A6C0CEB9
15 changed files with 115 additions and 104 deletions


@ -5,42 +5,63 @@
### `kubeadm init`
It's usually enough to run `kubeadm init`, but in some case you might like to override the
default behaviour.
default behaviour. The flags used for said purpose are described below.
- `--token=<str>`
- `--token=<token>`
By default, a token is generated, but if you are to automate cluster deployment, you want to
By default, a token is generated, but if you are to automate cluster deployment, you will want to
set the token ahead of time. Read the docs for more information on the token format.
- `--api-advertise-addr=<ip>` (multiple values allowed)
- `--api-external-dns-name=<domain>` (multiple values allowed)
- `--api-advertise-addresses=<ips>` (multiple values are allowed by having multiple flag declarations or multiple values separated by comma)
- `--api-external-dns-names=<domain>` (multiple values are allowed by having multiple flag declarations or multiple values separated by comma)
By default, `kubeadm` will auto detect IP address and use that to generate API server certificates.
If you would like to access the API via any external IPs and/or DNS, which it might not be able
to detect, you can use `--api-advertise-addr` and `--api-external-dns-name` to add multiple
different IP addresses and DNS names.
By default, `kubeadm` will auto detect IP addresses and use that to generate API server certificates.
If you would like to access the API via any external IPs and/or hostnames, which it might not be able
to detect, you can use `--api-advertise-addresses` and `--api-external-dns-names` to add multiple
different IP addresses and hostnames (DNS).
- `--service-cidr=<cidr>` (default: "100.64.0.0/12")
By default, `kubeadm` sets `100.64.0.0/12` as the subnet for services. This means when a service is created, its cluster IP, if not manually specified,
will be automatically assigned from the services subnet. If you would like to set a different one, use `--service-cidr`.
- `--service-cidr=<cidr>` (default: "100.64/12")
- `--service-dns-domain=<domain>` (default: "cluster.local")
- `--use-hyperkube=<bool>` (default: "false")
By default, `kubeadm` sets `cluster.local` as the cluster DNS domain. If you would like to set a different one, use `--service-dns-domain`.
- `--schedule-workload=<bool>` (default: "false")
By default, `kubeadm` sets the master node kubelet as non-schedulable for workloads. This means the master node won't run your pods. If you want to change that,
use `--schedule-workload=true`.
- `--cloud-provider=<cloud provider>`
By default, `kubeadm` doesn't perform auto-detection of the current cloud provider. If you want to specify it, use `--cloud-provider`. Possible values are
the ones supported by controller-manager, namely `"aws"`, `"azure"`, `"cloudstack"`, `"gce"`, `"mesos"`, `"openstack"`, `"ovirt"`, `"rackspace"`, `"vsphere"`.
***TODO(phase1+)***
- `--api-bind-addr=<ip>`
- `--api-bind-address=<ip>`
- `--api-bind-port=<port>`
***TODO(phase2)***
- `--api-bind-loopback-unsecure=<bool>`
***TODO(pahse2)***
- `--prefer-private-network=<bool>`
- `--prefer-public-network=<bool>`
### `kubeadm join`
`kubeadm join` has one mandatory flag, the token used to secure cluster bootstrap, and one mandatory argument, the master IP address.
Here's an example on how to use it:
`kubeadm join --token=the_secret_token 192.168.1.1`
- `--token=<token>`
By default, when `kubeadm init` runs, a token is generated and revealed in the output. That's the token you should use here.
# User Experience Considerations
> ***TODO*** _Move this into the design document


@ -20,10 +20,10 @@ import (
"net"
)
// KubeadmConfig TODO add description
type KubeadmConfig struct {
InitFlags
JoinFlags
ManualFlags
Secrets struct {
GivenToken string // dot-separated `<TokenID>.<Token>` set by the user
TokenID string // optional on master side, will be generated if not specified
@ -33,12 +33,13 @@ type KubeadmConfig struct {
EnvParams map[string]string // TODO(phase2) this is likely to be come componentconfig
}
// TODO(phase2) should we add validatin funcs on these structs?
// TODO(phase2) should we add validation functions for these structs?
// InitFlags holds values for "kubeadm init" command flags.
type InitFlags struct {
API struct {
AdvertiseAddrs []net.IP
ExternalDNSName []string
ExternalDNSNames []string
}
Services struct {
CIDR net.IPNet
@ -77,20 +78,14 @@ func init() {
}
}
// JoinFlags holds values for "kubeadm join" command flags.
type JoinFlags struct {
MasterAddrs []net.IP
}
// TODO(phase1?) we haven't decided whether manual sub commands should get merged into main commands...
type ManualFlags struct {
ApiServerURLs string // comma separated
CaCertFile string
BearerToken string // set based on Token
ListenIP net.IP // optional IP for master to listen on, rather than autodetect
}
// ClusterInfo TODO add description
type ClusterInfo struct {
// TODO(pahse1?) this may become simply `api.Config`
// TODO(phase1?) this may become simply `api.Config`
CertificateAuthorities []string `json:"certificateAuthorities"`
Endpoints []string `json:"endpoints"`
}
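Review bot: The doc comments added on `KubeadmConfig` and `ClusterInfo` are placeholders (`TODO add description`) that satisfy the linter without telling a reader anything. `KubeadmConfig` embeds the init and join flags and carries the bootstrap token in `Secrets`, so a real sentence is worth having, for example `// KubeadmConfig holds the flag values, bootstrap token secrets and environment parameters shared by the kubeadm commands.` For `ClusterInfo`, `// ClusterInfo lists the certificate authorities and API endpoints of a cluster.` would match its two fields. Because the struct holds the token, the comment could also note that it should not be logged or serialised wholesale.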


@ -31,9 +31,9 @@ import (
func NewKubeadmCommand(f *cmdutil.Factory, in io.Reader, out, err io.Writer, envParams map[string]string) *cobra.Command {
cmds := &cobra.Command{
Use: "kubeadm",
Short: "kubeadm: bootstrap a secure kubernetes cluster easily.",
Short: "kubeadm: easily bootstrap a secure Kubernetes cluster.",
Long: dedent.Dedent(`
kubeadm: bootstrap a secure kubernetes cluster easily.
kubeadm: easily bootstrap a secure Kubernetes cluster.
KUBEADM IS ALPHA, DO NOT USE IT FOR PRODUCTION CLUSTERS!
@ -51,14 +51,13 @@ func NewKubeadmCommand(f *cmdutil.Factory, in io.Reader, out, err io.Writer, env
On the first machine
master# kubeadm init master
Your token is: <token>
master# kubeadm init
On the second machine
node# kubeadm join node --token=<token> <ip-of-master>
node# kubeadm join --token=<token> <ip-of-master>
You can then repeat the second step on as many other machines as you like.


@ -32,20 +32,21 @@ import (
)
var (
init_done_msgf = dedent.Dedent(`
initDoneMsgf = dedent.Dedent(`
Kubernetes master initialised successfully!
You can connect any number of nodes by running:
You can now join any number of machines by running the following on each node:
kubeadm join --token %s %s
`)
)
// NewCmdInit returns "kubeadm init" command.
func NewCmdInit(out io.Writer, s *kubeadmapi.KubeadmConfig) *cobra.Command {
advertiseAddrs := &[]string{}
cmd := &cobra.Command{
Use: "init",
Short: "Run this on the first server you deploy onto.",
Short: "Run this on the first machine.",
Run: func(cmd *cobra.Command, args []string) {
err := RunInit(out, cmd, args, s, advertiseAddrs)
cmdutil.CheckErr(err) // TODO(phase1+) append alpha warning with bugs URL etc
@ -54,28 +55,28 @@ func NewCmdInit(out io.Writer, s *kubeadmapi.KubeadmConfig) *cobra.Command {
cmd.PersistentFlags().StringVar(
&s.Secrets.GivenToken, "token", "",
`(optional) Shared secret used to secure bootstrap. Will be generated and displayed if not provided.`,
`(optional) Shared secret used to secure cluster bootstrap. If none is provided, one will be generated for you.`,
)
cmd.PersistentFlags().StringSliceVar(
advertiseAddrs, "api-advertise-addr", []string{},
`(optional) IP address to advertise, in case autodetection fails.`,
advertiseAddrs, "api-advertise-addresses", []string{},
`(optional) The IP addresses to advertise, in case autodetection fails.`,
)
cmd.PersistentFlags().StringSliceVar(
&s.InitFlags.API.ExternalDNSName, "api-external-dns-name", []string{},
`(optional) DNS name to advertise, in case you have configured one yourself.`,
&s.InitFlags.API.ExternalDNSNames, "api-external-dns-names", []string{},
`(optional) The DNS names to advertise, in case you have configured them yourself.`,
)
cmd.PersistentFlags().IPNetVar(
&s.InitFlags.Services.CIDR, "service-cidr", *kubeadmapi.DefaultServicesCIDR,
`(optional) use alterantive range of IP address for service VIPs, e.g. "10.16.0.0/12"`,
`(optional) use alternative range of IP address for service VIPs, e.g. "10.16.0.0/12"`,
)
cmd.PersistentFlags().StringVar(
&s.InitFlags.Services.DNSDomain, "service-dns-domain", kubeadmapi.DefaultServiceDNSDomain,
`(optional) use alterantive domain name for services, e.g. "myorg.internal"`,
`(optional) use alternative domain for services, e.g. "myorg.internal"`,
)
cmd.PersistentFlags().StringVar(
&s.InitFlags.CloudProvider, "cloud-provider", "",
`(optional) enable cloud proiver features (external load-balancers, storage, etc)`,
`(optional) enable a specific cloud provider features (external load-balancers, storage, etc), e.g. "gce"`,
)
cmd.PersistentFlags().BoolVar(
&s.InitFlags.Schedulable, "schedule-workload", false,
@ -85,6 +86,7 @@ func NewCmdInit(out io.Writer, s *kubeadmapi.KubeadmConfig) *cobra.Command {
return cmd
}
// RunInit executes master node provisioning, including certificates, needed static pod manifests, etc.
func RunInit(out io.Writer, cmd *cobra.Command, args []string, s *kubeadmapi.KubeadmConfig, advertiseAddrs *[]string) error {
// Auto-detect the IP
if len(*advertiseAddrs) == 0 {
@ -98,7 +100,7 @@ func RunInit(out io.Writer, cmd *cobra.Command, args []string, s *kubeadmapi.Kub
for _, i := range *advertiseAddrs {
addr := net.ParseIP(i)
if addr == nil {
return fmt.Errorf("<cmd/init> failed to parse flag (%q) as an IP address", "--api-advertise-addr="+i)
return fmt.Errorf("<cmd/init> failed to parse flag (%q) as an IP address", "--api-advertise-addresses="+i)
}
s.InitFlags.API.AdvertiseAddrs = append(s.InitFlags.API.AdvertiseAddrs, addr)
}
@ -152,7 +154,7 @@ func RunInit(out io.Writer, cmd *cobra.Command, args []string, s *kubeadmapi.Kub
}
// TODO(phase1+) use templates to reference struct fields directly as order of args is fragile
fmt.Fprintf(out, init_done_msgf,
fmt.Fprintf(out, initDoneMsgf,
s.Secrets.GivenToken,
s.InitFlags.API.AdvertiseAddrs[0].String(),
)
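Review bot: The reworded `--token` help no longer says that the generated secret is displayed, yet the completion message still writes it to `out` through `initDoneMsgf` (`kubeadm join --token %s %s`). Operators who capture provisioning output in CI logs or terminal recordings should be told the shared secret ends up there; I would word it `(optional) Shared secret used to secure cluster bootstrap. If none is provided, one will be generated and printed with the join command.` Separately, `enable a specific cloud provider features` reads wrongly and could be `enable features for a specific cloud provider`. The bodies of `NewCmdInit` and `RunInit` continue outside these hunks.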


@ -31,35 +31,36 @@ import (
)
var (
join_done_msgf = dedent.Dedent(`
joinDoneMsgf = dedent.Dedent(`
Node join complete:
* Certificate signing request sent to master and response
received.
* Kubelet informed of new secure connection details.
Run 'kubectl get nodes' on the master to see this node join.
Run 'kubectl get nodes' on the master to see this machine join.
`)
)
// NewCmdJoin returns "kubeadm join" command.
func NewCmdJoin(out io.Writer, s *kubeadmapi.KubeadmConfig) *cobra.Command {
cmd := &cobra.Command{
Use: "join",
Short: "Run this on other servers to join an existing cluster.",
Short: "Run this on any machine you wish to join an existing cluster.",
Run: func(cmd *cobra.Command, args []string) {
err := RunJoin(out, cmd, args, s)
cmdutil.CheckErr(err)
},
}
// TODO this should become `kubeadm join --token=<...> <master-ip-addr>`
cmd.PersistentFlags().StringVarP(
&s.Secrets.GivenToken, "token", "", "",
`Shared secret used to secure bootstrap. Must match output of 'init-master'.`,
`Shared secret used to secure bootstrap. Must match the output of 'kubeadm init'.`,
)
return cmd
}
// RunJoin executes worked node provisioning and tries to join an existing cluster.
func RunJoin(out io.Writer, cmd *cobra.Command, args []string, s *kubeadmapi.KubeadmConfig) error {
// TODO this we are missing args from the help text, there should be a way to tell cobra about it
if len(args) == 0 {
@ -68,7 +69,7 @@ func RunJoin(out io.Writer, cmd *cobra.Command, args []string, s *kubeadmapi.Kub
for _, i := range args {
addr := net.ParseIP(i) // TODO(phase1+) should allow resolvable names too
if addr == nil {
return fmt.Errorf("<cmd/join> failed parse argument (%q) as an IP address", i)
return fmt.Errorf("<cmd/join> failed to parse argument (%q) as an IP address", i)
}
s.JoinFlags.MasterAddrs = append(s.JoinFlags.MasterAddrs, addr)
}
@ -91,6 +92,6 @@ func RunJoin(out io.Writer, cmd *cobra.Command, args []string, s *kubeadmapi.Kub
return err
}
fmt.Fprintf(out, join_done_msgf)
fmt.Fprintf(out, joinDoneMsgf)
return nil
}
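Review bot: `fmt.Fprintf(out, joinDoneMsgf)` passes a variable as the format string with no arguments, so the text is interpreted as a format even though it has no verbs. `fmt.Fprint(out, joinDoneMsgf)` says what is meant and stays correct if the message later gains a `%`. The new doc comment on `RunJoin` also has a typo in a commit that fixes typos: `executes worked node provisioning` should be `executes worker node provisioning`. `RunJoin` is only partly visible in these hunks.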


@ -24,19 +24,19 @@ import (
const (
KubeEtcdImage = "etcd"
KubeApiServerImage = "apiserver"
KubeAPIServerImage = "apiserver"
KubeControllerManagerImage = "controller-manager"
KubeSchedulerImage = "scheduler"
KubeProxyImage = "proxy"
KubeDnsImage = "kube-dns"
KubeDnsmasqImage = "dnsmasq"
KubeDNSImage = "kube-dns"
KubeDNSmasqImage = "dnsmasq"
KubeExechealthzImage = "exechealthz"
gcrPrefix = "gcr.io/google_containers"
etcdVersion = "2.2.5"
kubeDnsVersion = "1.7"
kubeDNSVersion = "1.7"
dnsmasqVersion = "1.3"
exechealthzVersion = "1.1"
)
@ -51,7 +51,7 @@ func GetCoreImage(image string, overrideImage string) string {
return map[string]string{
KubeEtcdImage: fmt.Sprintf("%s/%s-%s:%s", gcrPrefix, "etcd", runtime.GOARCH, etcdVersion),
KubeApiServerImage: fmt.Sprintf("%s/%s-%s:%s", gcrPrefix, "kube-apiserver", runtime.GOARCH, DefaultKubeVersion),
KubeAPIServerImage: fmt.Sprintf("%s/%s-%s:%s", gcrPrefix, "kube-apiserver", runtime.GOARCH, DefaultKubeVersion),
KubeControllerManagerImage: fmt.Sprintf("%s/%s-%s:%s", gcrPrefix, "kube-controller-manager", runtime.GOARCH, DefaultKubeVersion),
KubeSchedulerImage: fmt.Sprintf("%s/%s-%s:%s", gcrPrefix, "kube-scheduler", runtime.GOARCH, DefaultKubeVersion),
KubeProxyImage: fmt.Sprintf("%s/%s-%s:%s", gcrPrefix, "kube-proxy", runtime.GOARCH, DefaultKubeVersion),
@ -60,8 +60,8 @@ func GetCoreImage(image string, overrideImage string) string {
func GetAddonImage(image string) string {
return map[string]string{
KubeDnsImage: fmt.Sprintf("%s/%s-%s:%s", gcrPrefix, "kubedns", runtime.GOARCH, kubeDnsVersion),
KubeDnsmasqImage: fmt.Sprintf("%s/%s-%s:%s", gcrPrefix, "kube-dnsmasq", runtime.GOARCH, dnsmasqVersion),
KubeDNSImage: fmt.Sprintf("%s/%s-%s:%s", gcrPrefix, "kubedns", runtime.GOARCH, kubeDNSVersion),
KubeDNSmasqImage: fmt.Sprintf("%s/%s-%s:%s", gcrPrefix, "kube-dnsmasq", runtime.GOARCH, dnsmasqVersion),
KubeExechealthzImage: fmt.Sprintf("%s/%s-%s:%s", gcrPrefix, "exechealthz", runtime.GOARCH, exechealthzVersion),
}[image]
}
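Review bot: The exported constants and `GetAddonImage` still have no doc comments even though the commit is a lint pass, and the lookup's behaviour for an unknown name is not obvious from the signature. Indexing the map literal with `[image]` yields the empty string when the key is absent, so I would add `// GetAddonImage returns the image reference for the named addon, or "" if the name is not known.` The same gap is visible on `Run`, `RetrieveTrustedClusterInfo` and `CreateBasicClientConfig` in the later sections. `GetCoreImage` starts outside the hunk, so its handling of `overrideImage` cannot be judged here.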


@ -28,8 +28,6 @@ import (
"k8s.io/kubernetes/pkg/util/logs"
)
var CommandLine *pflag.FlagSet
// TODO(phase2) use componentconfig
// we need some params for testing etc, let's keep these hidden for now
func getEnvParams() map[string]string {
@ -56,7 +54,6 @@ func getEnvParams() map[string]string {
}
func Run() error {
CommandLine = pflag.NewFlagSet(os.Args[0], pflag.ContinueOnError)
logs.InitLogs()
defer logs.FlushLogs()


@ -21,14 +21,15 @@ import (
"path"
"runtime"
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/api"
"k8s.io/kubernetes/cmd/kubeadm/app/images"
"k8s.io/kubernetes/pkg/api"
"k8s.io/kubernetes/pkg/api/resource"
clientset "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset"
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/api"
"k8s.io/kubernetes/cmd/kubeadm/app/images"
ipallocator "k8s.io/kubernetes/pkg/registry/service/ipallocator"
"k8s.io/kubernetes/pkg/util/intstr"
)
// TODO(phase1+): kube-proxy should be a daemonset, three different daemonsets should not be here
func createKubeProxyPodSpec(s *kubeadmapi.KubeadmConfig, architecture string) api.PodSpec {
privilegedTrue := true
@ -112,7 +113,7 @@ func createKubeDNSPodSpec(s *kubeadmapi.KubeadmConfig) api.PodSpec {
// DNS server
{
Name: "kube-dns",
Image: images.GetAddonImage(images.KubeDnsImage),
Image: images.GetAddonImage(images.KubeDNSImage),
Resources: api.ResourceRequirements{
Limits: dnsPodResources,
Requests: dnsPodResources,
@ -164,7 +165,7 @@ func createKubeDNSPodSpec(s *kubeadmapi.KubeadmConfig) api.PodSpec {
// dnsmasq
{
Name: "dnsmasq",
Image: images.GetAddonImage(images.KubeDnsmasqImage),
Image: images.GetAddonImage(images.KubeDNSmasqImage),
Resources: api.ResourceRequirements{
Limits: dnsPodResources,
Requests: dnsPodResources,
@ -233,7 +234,7 @@ func CreateEssentialAddons(s *kubeadmapi.KubeadmConfig, client *clientset.Client
arches := [3]string{"amd64", "arm", "arm64"}
for _, arch := range arches {
kubeProxyDaemonSet := NewDaemonSet(kubeProxy + "-" + arch, createKubeProxyPodSpec(s, arch))
kubeProxyDaemonSet := NewDaemonSet(kubeProxy+"-"+arch, createKubeProxyPodSpec(s, arch))
SetMasterTaintTolerations(&kubeProxyDaemonSet.Spec.Template.ObjectMeta)
if _, err := client.Extensions().DaemonSets(api.NamespaceSystem).Create(kubeProxyDaemonSet); err != nil {


@ -22,10 +22,10 @@ import (
"encoding/json"
"fmt"
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/api"
"k8s.io/kubernetes/pkg/api"
"k8s.io/kubernetes/pkg/apis/extensions"
clientset "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset"
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/api"
certutil "k8s.io/kubernetes/pkg/util/cert"
)


@ -22,9 +22,9 @@ import (
"fmt"
// TODO: "k8s.io/client-go/client/tools/clientcmd/api"
clientcmdapi "k8s.io/kubernetes/pkg/client/unversioned/clientcmd/api"
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/api"
kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util"
clientcmdapi "k8s.io/kubernetes/pkg/client/unversioned/clientcmd/api"
certutil "k8s.io/kubernetes/pkg/util/cert"
)


@ -23,11 +23,11 @@ import (
"os"
"path"
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/api"
"k8s.io/kubernetes/cmd/kubeadm/app/images"
"k8s.io/kubernetes/pkg/api/resource"
"k8s.io/kubernetes/pkg/api/unversioned"
api "k8s.io/kubernetes/pkg/api/v1"
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/api"
"k8s.io/kubernetes/cmd/kubeadm/app/images"
cmdutil "k8s.io/kubernetes/pkg/kubectl/cmd/util"
"k8s.io/kubernetes/pkg/util/intstr"
)
@ -54,6 +54,8 @@ const (
//
//E0817 17:53:22.242658 1 event.go:258] Could not construct reference to: '&api.Endpoints{TypeMeta:unversioned.TypeMeta{Kind:"", APIVersion:""}, ObjectMeta:api.ObjectMeta{Name:"kube-scheduler", GenerateName:"", Namespace:"kube-system", SelfLink:"", UID:"", ResourceVersion:"", Generation:0, CreationTimestamp:unversioned.Time{Time:time.Time{sec:0, nsec:0, loc:(*time.Location)(nil)}}, DeletionTimestamp:(*unversioned.Time)(nil), DeletionGracePeriodSeconds:(*int64)(nil), Labels:map[string]string(nil), Annotations:map[string]string(nil), OwnerReferences:[]api.OwnerReference(nil), Finalizers:[]string(nil)}, Subsets:[]api.EndpointSubset(nil)}' due to: 'selfLink was empty, can't make reference'. Will not report event: 'Normal' '%v became leader' 'moby'
// WriteStaticPodManifests builds manifest objects based on user provided configuration and then dumps it to disk
// where kubelet will pick and schedule them.
func WriteStaticPodManifests(s *kubeadmapi.KubeadmConfig) error {
staticPodSpecs := map[string]api.Pod{
// TODO this needs a volume
@ -73,7 +75,7 @@ func WriteStaticPodManifests(s *kubeadmapi.KubeadmConfig) error {
// TODO bind-mount certs in
kubeAPIServer: componentPod(api.Container{
Name: kubeAPIServer,
Image: images.GetCoreImage(images.KubeApiServerImage, s.EnvParams["hyperkube_image"]),
Image: images.GetCoreImage(images.KubeAPIServerImage, s.EnvParams["hyperkube_image"]),
Command: getComponentCommand(apiServer, s),
VolumeMounts: []api.VolumeMount{k8sVolumeMount()},
LivenessProbe: componentProbe(8080, "/healthz"),
@ -113,6 +115,8 @@ func WriteStaticPodManifests(s *kubeadmapi.KubeadmConfig) error {
return nil
}
// etcdVolume returns an host-path volume for storing etcd data.
// By using a host-path, the data will survive pod restart.
func etcdVolume(s *kubeadmapi.KubeadmConfig) api.Volume {
return api.Volume{
Name: "etcd",
@ -189,7 +193,7 @@ func componentPod(container api.Container, volumes ...api.Volume) api.Pod {
func getComponentCommand(component string, s *kubeadmapi.KubeadmConfig) (command []string) {
// TODO: make a global constant of this
pki_dir := "/etc/kubernetes/pki"
pkiDir := "/etc/kubernetes/pki"
baseFlags := map[string][]string{
apiServer: []string{
@ -197,11 +201,11 @@ func getComponentCommand(component string, s *kubeadmapi.KubeadmConfig) (command
"--etcd-servers=http://127.0.0.1:2379",
"--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota",
"--service-cluster-ip-range=" + s.InitFlags.Services.CIDR.String(),
"--service-account-key-file=" + pki_dir + "/apiserver-key.pem",
"--client-ca-file=" + pki_dir + "/ca.pem",
"--tls-cert-file=" + pki_dir + "/apiserver.pem",
"--tls-private-key-file=" + pki_dir + "/apiserver-key.pem",
"--token-auth-file=" + pki_dir + "/tokens.csv",
"--service-account-key-file=" + pkiDir + "/apiserver-key.pem",
"--client-ca-file=" + pkiDir + "/ca.pem",
"--tls-cert-file=" + pkiDir + "/apiserver.pem",
"--tls-private-key-file=" + pkiDir + "/apiserver-key.pem",
"--token-auth-file=" + pkiDir + "/tokens.csv",
"--secure-port=443",
"--allow-privileged",
},
@ -210,10 +214,10 @@ func getComponentCommand(component string, s *kubeadmapi.KubeadmConfig) (command
"--leader-elect",
"--master=127.0.0.1:8080",
"--cluster-name=" + DefaultClusterName,
"--root-ca-file=" + pki_dir + "/ca.pem",
"--service-account-private-key-file=" + pki_dir + "/apiserver-key.pem",
"--cluster-signing-cert-file=" + pki_dir + "/ca.pem",
"--cluster-signing-key-file=" + pki_dir + "/ca-key.pem",
"--root-ca-file=" + pkiDir + "/ca.pem",
"--service-account-private-key-file=" + pkiDir + "/apiserver-key.pem",
"--cluster-signing-cert-file=" + pkiDir + "/ca.pem",
"--cluster-signing-key-file=" + pkiDir + "/ca-key.pem",
"--insecure-experimental-approve-all-kubelet-csrs-for-group=system:kubelet-bootstrap",
"--cluster-cidr=" + s.InitFlags.Services.CIDR.String(),
},
@ -239,7 +243,7 @@ func getComponentCommand(component string, s *kubeadmapi.KubeadmConfig) (command
// Only append the --cloud-config option if there's a such file
if _, err := os.Stat(DefaultCloudConfigPath); err == nil {
command = append(command, "--cloud-config=" + DefaultCloudConfigPath)
command = append(command, "--cloud-config="+DefaultCloudConfigPath)
}
}
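Review bot: The API server TLS key is reused as the service account signing key: in `getComponentCommand`, `--service-account-key-file`, `--tls-private-key-file` and the controller manager's `--service-account-private-key-file` all point at `apiserver-key.pem`. With one key doing both jobs, rotating the TLS key invalidates every issued service account token, and exposing it lets tokens be forged. If this is deliberate for the current phase, a comment next to `pkiDir` would record it, e.g. `// TODO(phase1+) use a dedicated service-account signing key instead of the API server TLS key`. The function starts and ends outside these hunks, so its remaining flags were not reviewed.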


@ -60,7 +60,7 @@ func newServerKeyAndCert(s *kubeadmapi.KubeadmConfig, caCert *x509.Certificate,
internalAPIServerVirtualIP, err := ipallocator.GetIndexedIP(&s.InitFlags.Services.CIDR, 1)
if err != nil {
return nil, nil, fmt.Errorf("unable to allocate IP address for the API server from the given CIDR (%q) [%s]")
return nil, nil, fmt.Errorf("unable to allocate IP address for the API server from the given CIDR (%q) [%s]", &s.InitFlags.Services.CIDR, err)
}
altNames.IPs = append(altNames.IPs, internalAPIServerVirtualIP)
@ -117,7 +117,7 @@ func writeKeysAndCert(pkiPath string, name string, key *rsa.PrivateKey, cert *x5
if cert != nil {
if err := certutil.WriteCert(certificatePath, certutil.EncodeCertPEM(cert)); err != nil {
return fmt.Errorf("unable to write certificate file (%q) [%s]", err)
return fmt.Errorf("unable to write certificate file (%q) [%s]", certificatePath, err)
}
}
@ -142,8 +142,8 @@ func CreatePKIAssets(s *kubeadmapi.KubeadmConfig) (*rsa.PrivateKey, *x509.Certif
altNames.IPs = append(altNames.IPs, s.InitFlags.API.AdvertiseAddrs...)
}
if len(s.InitFlags.API.ExternalDNSName) > 0 {
altNames.DNSNames = append(altNames.DNSNames, s.InitFlags.API.ExternalDNSName...)
if len(s.InitFlags.API.ExternalDNSNames) > 0 {
altNames.DNSNames = append(altNames.DNSNames, s.InitFlags.API.ExternalDNSNames...)
}
pkiPath := path.Join(s.EnvParams["host_pki_path"])
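Review bot: `pkiPath := path.Join(s.EnvParams["host_pki_path"])` is used without checking that the entry exists. A missing key yields `""`, and `path.Join("")` is also `""`, so the CA and API server private keys would presumably be written relative to the working directory. Whether `getEnvParams` always sets `host_pki_path` is not visible here, so a guard such as `if pkiPath == ""` returning an error before any key is written would make the location explicit. `CreatePKIAssets` continues outside the hunk.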


@ -19,31 +19,22 @@ package node
import (
"fmt"
"io/ioutil"
"strings"
"os"
"strings"
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/api"
kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util"
"k8s.io/kubernetes/pkg/apis/certificates"
unversionedcertificates "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/certificates/unversioned"
"k8s.io/kubernetes/pkg/client/restclient"
"k8s.io/kubernetes/pkg/client/typed/discovery"
"k8s.io/kubernetes/pkg/client/unversioned/clientcmd"
clientcmdapi "k8s.io/kubernetes/pkg/client/unversioned/clientcmd/api"
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/api"
kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util"
"k8s.io/kubernetes/pkg/kubelet/util/csr"
certutil "k8s.io/kubernetes/pkg/util/cert"
)
func PerformTLSBootstrapFromConfig(s *kubeadmapi.KubeadmConfig) (*clientcmdapi.Config, error) {
caCert, err := ioutil.ReadFile(s.ManualFlags.CaCertFile)
if err != nil {
return nil, fmt.Errorf("<node/csr> failed to load CA certificate [%s]", err)
}
return PerformTLSBootstrap(s, strings.Split(s.ManualFlags.ApiServerURLs, ",")[0], caCert)
}
// Create a restful client for doing the certificate signing request.
// PerformTLSBootstrap creates a RESTful client in order to execute certificate signing request.
func PerformTLSBootstrap(s *kubeadmapi.KubeadmConfig, apiEndpoint string, caCert []byte) (*clientcmdapi.Config, error) {
// TODO try all the api servers until we find one that works
bareClientConfig := kubeadmutil.CreateBasicClientConfig("kubernetes", apiEndpoint, caCert)


@ -24,8 +24,8 @@ import (
"net/http"
jose "github.com/square/go-jose"
clientcmdapi "k8s.io/kubernetes/pkg/client/unversioned/clientcmd/api"
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/api"
clientcmdapi "k8s.io/kubernetes/pkg/client/unversioned/clientcmd/api"
)
func RetrieveTrustedClusterInfo(s *kubeadmapi.KubeadmConfig) (*clientcmdapi.Config, error) {


@ -22,9 +22,9 @@ import (
"path"
// TODO: "k8s.io/client-go/client/tools/clientcmd/api"
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/api"
"k8s.io/kubernetes/pkg/client/unversioned/clientcmd"
clientcmdapi "k8s.io/kubernetes/pkg/client/unversioned/clientcmd/api"
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/api"
)
func CreateBasicClientConfig(clusterName string, serverURL string, caCert []byte) *clientcmdapi.Config {